MNBSD-2021-8: bhyve VirtIO device models memory corruption on descriptor fetch errors

Severity: Unknown

Affected Package: bhyve

Summary: bhyve VirtIO device models memory corruption on descriptor fetch errors

Description

Certain VirtIO-based device models failed to handle errors when fetching I/O descriptors. A malicious guest could trigger such errors, causing the device model code to operate on uninitialized I/O vectors. The resulting memory corruption could crash the bhyve process or potentially allow arbitrary code execution on the host.
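
The defensive pattern for this class of bug, as an added illustration in C. It is a simplified model and not bhyve's code: `fetch_chain`, `handle_request`, the descriptor layout and the toy guest memory are all assumptions made for the example.

```c
#include <stdint.h>
#include <string.h>

#define GUEST_MEM_SIZE 4096u   /* constructed toy guest memory */
#define MAX_IOV 4
struct desc { uint32_t addr, len; uint16_t next; uint16_t has_next; };
struct iov  { uint8_t *base; size_t len; };
static uint8_t guest_mem[GUEST_MEM_SIZE];

/* Walk a guest-supplied descriptor chain into iov[]. Returns the number of
 * entries filled, or -1 if any descriptor is invalid. On -1 the contents of
 * iov[] are unspecified and must not be used. */
static int fetch_chain(const struct desc *tbl, uint16_t ndesc, uint16_t head,
                       struct iov *iov, int max_iov)
{
    int n = 0;
    uint16_t idx = head;
    for (;;) {
        if (idx >= ndesc || n >= max_iov)
            return -1;              /* bad index, or chain too long / looping */
        const struct desc *d = &tbl[idx];
        if (d->len == 0 || d->addr > GUEST_MEM_SIZE ||
            d->len > GUEST_MEM_SIZE - d->addr)
            return -1;              /* buffer lies outside guest memory */
        iov[n].base = guest_mem + d->addr;
        iov[n].len = d->len;
        n++;
        if (!d->has_next)
            return n;
        idx = d->next;
    }
}

/* Hardened handler: iov[] is read only after fetch_chain succeeded. The flaw
 * the advisory describes corresponds to the same code without the `n < 1`
 * test. Returns the number of bytes zeroed, or -1 if the request is rejected. */
long handle_request(const struct desc *tbl, uint16_t ndesc, uint16_t head)
{
    struct iov iov[MAX_IOV];        /* uninitialized until fetch_chain fills it */
    long total = 0;
    int n = fetch_chain(tbl, ndesc, head, iov, MAX_IOV);
    if (n < 1)
        return -1;                  /* drop the request, never touch iov[] */
    for (int i = 0; i < n; i++) {
        memset(iov[i].base, 0, iov[i].len);
        total += (long)iov[i].len;
    }
    return total;
}
```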

Affected Versions

bhyve

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2021-29631

Published: August 24, 2021
Last Modified: August 24, 2021